EP1962193A1 - Dispositif de circuit pour la commande d'une charge et procédé correspondant - Google Patents

Dispositif de circuit pour la commande d'une charge et procédé correspondant Download PDF

Info

Publication number
EP1962193A1
EP1962193A1 EP08101349A EP08101349A EP1962193A1 EP 1962193 A1 EP1962193 A1 EP 1962193A1 EP 08101349 A EP08101349 A EP 08101349A EP 08101349 A EP08101349 A EP 08101349A EP 1962193 A1 EP1962193 A1 EP 1962193A1
Authority
EP
European Patent Office
Prior art keywords
register
data
record
load
control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
EP08101349A
Other languages
German (de)
English (en)
Other versions
EP1962193B1 (fr
Inventor
Bernhard Förstl
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Continental Automotive GmbH
Original Assignee
Continental Automotive GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Continental Automotive GmbH filed Critical Continental Automotive GmbH
Publication of EP1962193A1 publication Critical patent/EP1962193A1/fr
Application granted granted Critical
Publication of EP1962193B1 publication Critical patent/EP1962193B1/fr
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0796Safety measures, i.e. ensuring safe condition in the event of error, e.g. for controlling element
    • HELECTRICITY
    • H03ELECTRONIC CIRCUITRY
    • H03KPULSE TECHNIQUE
    • H03K17/00Electronic switching or gating, i.e. not by contact-making and –breaking
    • H03K17/51Electronic switching or gating, i.e. not by contact-making and –breaking characterised by the components used
    • H03K17/56Electronic switching or gating, i.e. not by contact-making and –breaking characterised by the components used by the use, as active elements, of semiconductor devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/1608Error detection by comparing the output signals of redundant hardware
    • G06F11/1625Error detection by comparing the output signals of redundant hardware in communications, e.g. transmission, interfaces
    • HELECTRICITY
    • H02GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
    • H02JCIRCUIT ARRANGEMENTS OR SYSTEMS FOR SUPPLYING OR DISTRIBUTING ELECTRIC POWER; SYSTEMS FOR STORING ELECTRIC ENERGY
    • H02J13/00Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring

Definitions

  • the present invention relates to a circuit device for driving a load, in particular in the field of automotive engineering. Moreover, the present invention relates to a control system having a control unit and said circuit device and a corresponding method for driving a load.
  • safe state As a rule, the state that was active and valid before the error occurred is the safe state.
  • This concept of "safe state” can be explained using the example of an electronic steering wheel lock as follows: Was an electronic steering wheel lock at time t1 unlocked, d. H. the steering is released and bolts do not block the steering, so under no circumstances should the steering wheel lock be activated in the event of a fault. Conversely, if the steering wheel lock was activated at time t2, it must remain locked in the event of a fault.
  • the object of the present invention is therefore to achieve a safe state of a system with the least possible redundancy measures.
  • a circuit device comprising a first register for receiving control data from an external control device, a second register for receiving the same control data from the external control device, a third register for outputting data to the load to be controlled, a transmission device for Transmitting data from the second register to the third register, first comparison logic for comparing the contents of the second register with that of the third register, and sending an interrupt or control signal to the external controller if the two contents are not equal, second comparison logic for comparing the contents of the first register with that of the second register and for enabling the transmission means if the contents of the two registers are the same, and otherwise for disabling the transmission means.
  • a control system for driving a load having a circuit device as shown above and a controller having a first output interface for outputting the control data to the first register, a second output interface for outputting the same control data to the second register, and a control signal processing unit such that data output is initiated in each of the first and second output interfaces when the control signal processing unit receives a corresponding interrupt or control signal from the first comparison logic.
  • a method of driving a load by comparing a first record of a second register with a second record of a third register, driving the load with the second record of the third register when the first and second records are the same otherwise, performing the following steps: overwriting the first record with a third record in a second register, transferring a fourth record with the same Data of the third record to a first register, comparing the records in the first register and the second register, copying the third record from the second register to the third register when the third and fourth records are the same, and driving the load with third record of the third register when the copied third record in the third register is equal to the third record in the second register.
  • the above-mentioned circuit device has an SPI interface whose receive register is the first register.
  • a serial standard interface can be used for the circuit device.
  • the circuit device according to the invention can also be designed as ASIC. Thus, a favorable for the serial production form of the circuit device can be provided.
  • the circuit device has a safety unit, which finally releases the transmission device only when it has received a suitable key from the external control unit. This can ensure that the external control device and the communication with the circuit device function properly before the load is driven with new data.
  • the first output interface is serial and the second output interface is parallel. Only when the data is transmitted the same way over these two different interfaces, there is a high degree of certainty that the load should actually be redirected with the transmitted data.
  • the load 2 may be, for example, a motor, a valve or the like.
  • a driver 3 is connected in a known manner, which applies the appropriate power for driving the load 2. It is connected in a likewise known manner by means of switches 4, 5 between the "terminal 31" (ground) and "terminal 30" (battery voltage) to ensure double security.
  • Activation of the load 2 does not take place directly via the central unit 1, which as a rule has a microcontroller, but via an interposed switched component, in this case the ASIC 6.
  • This consists essentially of three register blocks 7, 8 and 9.
  • it has a first comparison logic 10 for comparing the register 7 with the register 8 and a second comparison logic 11 for comparing the register 8 with the register 9 on.
  • the first comparison logic 11 generates an interrupt IRQ or NMI or a corresponding control signal whenever the states of the registers 8 and 9, ie their register contents S1 to Sn and R1 to Rn are different.
  • the data for the register 8 are introduced in parallel from the controlling central unit 1, which has a GPIO interface 12.
  • the SPI interface 14 of the ASIC 6 has the above-mentioned first register 7 with the register contents Q1 to Qn, in which now the serially received data are stored.
  • the second comparison logic 10 now compares the contents of the registers 7 and 8 and checks the received key. If the contents of the two registers 7 and 8 are the same and the key is error-free, the register contents S1 to Sn of the register 8 are transferred to the register 9 by means of a driver circuit 19.
  • the comparison thus checks whether the serial transmission (SPI) and the parallel transmission (GPIO) have taken place correctly. Ie. the redundant transmission provides information about whether the central unit 1 and the ASIC 6 work properly. In this way it can be ensured, for example, that the program sequences of the central processing unit 1 are processed as expected.
  • the central unit 1 Due to the communication of the central unit 1 with the ASIC 6, the central unit 1 according to the invention again actively requested to confirm the conditions that led to a change of state.
  • Another advantage of the system according to the invention is the use of control bits separate from data bits (information). This separation in conjunction with the redundant transmission can prevent a simple error (readjusted ports of the central processing unit 1) from leading to an undefined, unsafe system state. The key thus acts as an access authorization to the output register 9.
  • the ASIC 6 can be supplied with voltage (+ 12V) via the protected "Terminal 30".
  • a voltage converter 15 whose output voltage is Vcc_1 is integrated into the ASIC 6 in the example shown in the figure.
  • the voltage supply can also be effected via a voltage Vcc_2.
  • a corresponding logic 16 ensures that the ASIC 6 or the SPI interface 14 is supplied with the voltage Vcc_1 or Vcc_2.
  • the power supply with its own voltage regulator 15 is therefore possible without much effort in the ASIC 6, since the power consumption, which is essentially determined by the registers 7, 8, 9, is very low (usually ⁇ 50 ⁇ A). Namely, because of this low power consumption, the power loss resulting from the transformation from + 12V to + Vcc_1 (+ 3V / + 5V) can be kept low.
  • a signal is transmitted from the load 2 to the central unit 1.
  • This has an AD converter 18 for this purpose.
  • the ASIC according to the invention represents a cost-effective alternative to typical security concepts, which are based exclusively on redundancy, which is implemented, for example, by program sequences split on at least two microcontrollers.
  • the redundant information processing (parallel processing by GPIO and serial processing by SPI) reliably detects single errors.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Power Engineering (AREA)
  • Safety Devices In Control Systems (AREA)
  • Hardware Redundancy (AREA)
  • Combined Controls Of Internal Combustion Engines (AREA)
  • Control Of Electric Motors In General (AREA)
EP08101349A 2007-02-19 2008-02-07 Dispositif de circuit pour la commande d'une charge et procédé correspondant Expired - Fee Related EP1962193B1 (fr)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
DE102007008168A DE102007008168A1 (de) 2007-02-19 2007-02-19 Schaltungsvorrichtung und entsprechendes Verfahren zum Ansteuern einer Last

Publications (2)

Publication Number Publication Date
EP1962193A1 true EP1962193A1 (fr) 2008-08-27
EP1962193B1 EP1962193B1 (fr) 2010-04-28

Family

ID=39577869

Family Applications (1)

Application Number Title Priority Date Filing Date
EP08101349A Expired - Fee Related EP1962193B1 (fr) 2007-02-19 2008-02-07 Dispositif de circuit pour la commande d'une charge et procédé correspondant

Country Status (7)

Country Link
US (1) US20080201559A1 (fr)
EP (1) EP1962193B1 (fr)
JP (1) JP2008206390A (fr)
KR (1) KR20080077334A (fr)
CN (1) CN101271317A (fr)
BR (1) BRPI0800113A (fr)
DE (2) DE102007008168A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2639697A1 (fr) * 2012-03-13 2013-09-18 PHOENIX CONTACT GmbH & Co. KG Système de surveillance de valeur mesurée et d'arrêt lors de la survenue d'écarts de valeur mesurée

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5494255B2 (ja) * 2010-06-07 2014-05-14 富士電機株式会社 安全制御システム
CN102522821B (zh) * 2011-12-01 2015-01-07 许继电气股份有限公司 一种智能变电站中智能终端设备及其控制方法
US9964597B2 (en) * 2016-09-01 2018-05-08 Texas Instruments Incorporated Self test for safety logic
CN111216131B (zh) * 2020-01-21 2023-03-24 重庆邮电大学 基于柔性执行器驱动的机器人串级抗干扰控制方法及系统
CN111305781B (zh) * 2020-04-15 2022-03-29 重庆地质矿产研究院 一种油田井下水力切缝用位移装置

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4635223A (en) * 1983-05-16 1987-01-06 Motorola, Inc. Fail safe protection circuitry for a commerical microprocessor in encryption equipment
EP0319799A2 (fr) 1987-12-09 1989-06-14 Siemens Aktiengesellschaft Circuit et procédé d'amélioration de la robustesse de registre
US5307409A (en) * 1992-12-22 1994-04-26 Honeywell Inc Apparatus and method for fault detection on redundant signal lines via encryption

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5798785A (en) * 1992-12-09 1998-08-25 Discovery Communications, Inc. Terminal for suggesting programs offered on a television program delivery system
US5481296A (en) * 1993-08-06 1996-01-02 International Business Machines Corporation Apparatus and method for selectively viewing video information
US5410344A (en) * 1993-09-22 1995-04-25 Arrowsmith Technologies, Inc. Apparatus and method of selecting video programs based on viewers' preferences
US5629733A (en) * 1994-11-29 1997-05-13 News America Publications, Inc. Electronic television program guide schedule system and method with display and search of program listings by title
US5758257A (en) * 1994-11-29 1998-05-26 Herz; Frederick System and method for scheduling broadcast of and access to video programs and other data using customer profiles
US6005561A (en) * 1994-12-14 1999-12-21 The 3Do Company Interactive information delivery system
EP0836320B1 (fr) * 1996-10-08 2006-03-22 Matsushita Electric Industrial Co., Ltd. Méthode pour la réception d'informations et dispositif de réception d'informations utilisant cette méthode
US6177931B1 (en) * 1996-12-19 2001-01-23 Index Systems, Inc. Systems and methods for displaying and recording control interface with television programs, video, advertising information and program scheduling information
US6266664B1 (en) * 1997-10-01 2001-07-24 Rulespace, Inc. Method for scanning, analyzing and rating digital information content
US6005597A (en) * 1997-10-27 1999-12-21 Disney Enterprises, Inc. Method and apparatus for program selection
US6614987B1 (en) * 1998-06-12 2003-09-02 Metabyte, Inc. Television program recording with user preference determination
JP4198786B2 (ja) * 1998-06-30 2008-12-17 株式会社東芝 情報フィルタリングシステム、情報フィルタリング装置、映像機器および情報フィルタリング方法
DE19830625B4 (de) * 1998-07-09 2008-04-03 Robert Bosch Gmbh Digitale Schnittstelleneinheit
US6457010B1 (en) * 1998-12-03 2002-09-24 Expanse Networks, Inc. Client-server based subscriber characterization system
US6408295B1 (en) * 1999-06-16 2002-06-18 International Business Machines Corporation System and method of using clustering to find personalized associations
JP3842144B2 (ja) * 2002-02-20 2006-11-08 三菱電機株式会社 車載電子制御装置
JP3697427B2 (ja) * 2002-05-20 2005-09-21 三菱電機株式会社 車載電子制御装置
US7000037B2 (en) * 2002-10-24 2006-02-14 Josef Rabinovitz Large array of mass data storage devices connected to a computer by a serial link
JP4574141B2 (ja) * 2003-08-29 2010-11-04 キヤノン株式会社 プリント装置および調整方法

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4635223A (en) * 1983-05-16 1987-01-06 Motorola, Inc. Fail safe protection circuitry for a commerical microprocessor in encryption equipment
EP0319799A2 (fr) 1987-12-09 1989-06-14 Siemens Aktiengesellschaft Circuit et procédé d'amélioration de la robustesse de registre
US5307409A (en) * 1992-12-22 1994-04-26 Honeywell Inc Apparatus and method for fault detection on redundant signal lines via encryption

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2639697A1 (fr) * 2012-03-13 2013-09-18 PHOENIX CONTACT GmbH & Co. KG Système de surveillance de valeur mesurée et d'arrêt lors de la survenue d'écarts de valeur mesurée

Also Published As

Publication number Publication date
BRPI0800113A (pt) 2008-10-07
DE502008000581D1 (de) 2010-06-10
DE102007008168A1 (de) 2008-08-28
JP2008206390A (ja) 2008-09-04
EP1962193B1 (fr) 2010-04-28
KR20080077334A (ko) 2008-08-22
US20080201559A1 (en) 2008-08-21
CN101271317A (zh) 2008-09-24

Similar Documents

Publication Publication Date Title
DE10326287B4 (de) Fahrzeug-Kommunikationssystem, Initialisierungseinheit sowie im Fahrzeug eingebaute Steuereinheit
DE4334260C2 (de) Steuervorrichtung für ein Fahrzeug mit einer Antiblockier-Bremseinrichtung und einer Servolenkeinrichtung
DE19650104B4 (de) Elektronische Steuervorrichtung für ein Kraftfahrzeug
EP1040028B1 (fr) Procede de detection d'erreurs de microprocesseurs d'appareils de commande de vehicules automobiles
EP2425304B1 (fr) Système de commande pour faire fonctionner de manière fiable au moins un composant fonctionnel
EP1962193B1 (fr) Dispositif de circuit pour la commande d'une charge et procédé correspondant
EP1989470B1 (fr) Concept de sécurité pour un dispositif de positionnement à engrenage
EP3768574B1 (fr) Architectures à commande par câble électrique
DE19509150C2 (de) Verfahren zum Steuern und Regeln von Fahrzeug-Bremsanlagen sowie Fahrzeug-Bremsanlage
DE10211278A1 (de) Verfahren zur Ansteuerung einer Komponente eines verteilten sicherheitsrelevanten Systems
WO2006053638A1 (fr) Procede et dispositif de verrouillage d'une colonne de direction
EP1370914A1 (fr) Procede de fonctionnement d'un systeme de securite distribue
EP1615087A2 (fr) Unité de commande et de régulation
WO2008017438A1 (fr) Système d'asservissement pour une unité d'entraînement d'un véhicule automobile
DE112020005705T5 (de) Lenksteuervorrichtung und lenksteuerverfahren
DE102011087063A1 (de) Kontrollrechnersystem und Verfahren zur beschleunigten Initialisierung einzelner Module
EP2337727B1 (fr) Système de direction assistée et procédé pour faire fonctionner un système de direction assistée
DE4416879A1 (de) Steuergerät
DE102018220788A1 (de) Vorrichtung und Verfahren zum Steuern einer Signalverbindung eines Fahrzeugs
DE102007046706A1 (de) Steuervorrichtung für Fahrzeuge
EP1743820B1 (fr) Dispositif de contrôle pour commander d'un actionneur
DE102011100982A1 (de) Anlage mit einem Steuersystem zur Steuerung von Anlagefunktionen
DE102010044280A1 (de) Vorrichtung und Verfahren zur Regelung eines Doppelkupplungsgetriebes
DE102015203250A1 (de) Sicherheitsvorrichtung und Verfahren zum Überführen eines Aktorsystems in einen sicheren Zustand, Aktorsystem und Verfahren zum Betreiben eines Aktorsystems
DE102015119611B4 (de) Verbesserung der Diagnostizierbarkeit von Fail-operational Systemen

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA MK RS

17P Request for examination filed

Effective date: 20090227

17Q First examination report despatched

Effective date: 20090325

AKX Designation fees paid

Designated state(s): DE ES FR GB IT

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): DE ES FR GB IT

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

Free format text: NOT ENGLISH

REF Corresponds to:

Ref document number: 502008000581

Country of ref document: DE

Date of ref document: 20100610

Kind code of ref document: P

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20100808

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20100428

26N No opposition filed

Effective date: 20110131

REG Reference to a national code

Ref country code: FR

Ref legal event code: ST

Effective date: 20111102

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20110228

GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 20120207

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20120207

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20180228

Year of fee payment: 11

REG Reference to a national code

Ref country code: DE

Ref legal event code: R119

Ref document number: 502008000581

Country of ref document: DE

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20190903